Cisco Cisco Web Security Appliance S190 Guía Del Usuario
A-14
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Appendix A Troubleshooting
Upstream Proxy Problems
•
Microsoft Windows Update
•
Microsoft Visual Studio
Workaround: Create a class of user for the URL that does not require authentication.
Related Topics
•
Bypassing Authentication, page 5-20
Cannot Access Sites With POST Requests
When the user’s first client request is a POST request and the user still needs to authenticate, the POST
body content is lost. This might be a problem when the POST request is for a application with the Access
Control single sign-on feature in use.
body content is lost. This might be a problem when the POST request is for a application with the Access
Control single sign-on feature in use.
Workarounds:
•
Have users first authenticate with the Web Proxy by requesting a different URL through the browser
before connecting to a URL that uses POST as a first request.
before connecting to a URL that uses POST as a first request.
•
Bypass authentication for URLs that use POST as a first request.
Note
When working with Access Control, you can bypass authentication for the Assertion Consumer
Service (ACS) URL configured in the Application Authentication Policy.
Service (ACS) URL configured in the Application Authentication Policy.
Related Topics
•
Bypassing Authentication, page 5-20
.
Upstream Proxy Problems
•
•
Upstream Proxy Does Not Receive Basic Credentials
If both the appliance and the upstream proxy use authentication with NTLMSSP, depending on the
configurations, the appliance and upstream proxy might engage in an infinite loop of requesting
authentication credentials. For example, if the upstream proxy requires Basic authentication, but the
appliance requires NTLMSSP authentication, then the appliance can never successfully pass Basic
credentials to the upstream proxy. This is due to limitations in authentication protocols.
configurations, the appliance and upstream proxy might engage in an infinite loop of requesting
authentication credentials. For example, if the upstream proxy requires Basic authentication, but the
appliance requires NTLMSSP authentication, then the appliance can never successfully pass Basic
credentials to the upstream proxy. This is due to limitations in authentication protocols.
Client Requests Fail Upstream Proxy
Configuration:
•
Web Security appliance and upstream proxy server use Basic authentication.
•
Credential Encryption is enabled on the downstream Web Security appliance.